Welcome to another episode of Techknow, the podcast in which Sophos experts debate, explore and explain the often baffling world of computer security.
In this episode, entitled Understanding Vulnerabilities, Paul Ducklin and Chester Wisniewski demystify vulnerability jargon in a way that’s useful to IT administrators.
After all, we’ve become so used to abbreviations like RCE, EoP and DoS that they have begun to lose their significance.
They stand for Remote Code Execution, Elevation of Privilege and Denial of Service respectively – problems that sound serious when written out in full, but somehow become “just one of those things” when reduced to acronym form.
But is an RCE worse than an EoP? Is a DoS less serious than an EoP? Where do Information Disclosure bugs fit in?
Chet and Duck help you answer these questions, and more, not only for the sake of interest, but also so that you can prioritise your patches in a way that fits your organisation best.
In the past week or so we’ve had biggish updates from Microsoft, Adobe, Oracle, and Apple; then we had updates to Microsoft’s updates; then an emergency “Fix it” for Internet Explorer; and we’ve just this minute finished writing up the latest Firefox fixes.
So the timing of this Techknow could scarcely be better!
Other episodes you might like
- Sophos Techknow – Understanding Botnets
- Sophos Techknow – The End of XP
- Sophos Techknow – Two-factor authentication
- Sophos Techknow – All about Java
- Sophos Techknow – Understanding SSL
- Sophos Techknow – Patching: lead, follow, or get out of the way?
- Sophos Techknow – Busting Password Myths